Re: SUID program removal

From: Richard Garand (krogoth2@softhome.net)
Date: 10/18/01 

From: Richard Garand <krogoth2@softhome.net>
To: "Pacifi3r" <pacifi3r@hotmail.com>, focus-linux@securityfocus.com
Subject: Re: SUID program removal
Date: Wed, 17 Oct 2001 20:15:09 -0600
Message-ID: <courier.3BCE3A55.00007B89@softhome.net>

On October 11, 2001 01:51 pm, Pacifi3r wrote:
> Greetz,
> Newbie would like to know which program on a base RedHat 7.1 installed can
> have the SUID bit removed. Base in this instance means that no additional
> package were selected for install.
>
> Thanks
There's probably a simpler way, but you can just chmod it back to the
original properties (or whatever you want). A short demonstration:
richard@deusexmachina:richard$ chmod 4777 RAWRITE.EXE
richard@deusexmachina:richard$ ll RAWRITE.EXE
-rwsrwxrwx 1 richard richard 36064 Oct 12 22:41 RAWRITE.EXE*
richard@deusexmachina:richard$ chmod 777 RAWRITE.EXE
richard@deusexmachina:richard$ ll RAWRITE.EXE
-rwxrwxrwx 1 richard richard 36064 Oct 12 22:41 RAWRITE.EXE*
richard@deusexmachina:richard$
note how the 's' bit on the owner is removed when I chmod it to 777, because
777 is really 0777, removing the SUID bit. 

-- 
Richard Garand
krogoth2@softhome.net, r.garand@sk.sympatico.ca
(L)ICQ: 12190132
Then: I have discovered a truly remarkable proof which this margin is too 
small to contain.
Now: Microsoft has released an unremarkable product which your hard drive is 
too small to contain.

Relevant Pages

  • Re: Of mice and men
    ... Someone can only chmod or chown files that they have permission to do ... The suid bit on a program makes that program run as the owner of the ... Sometimes the suid is set for root owned files. ...
    (comp.lang.cobol)
  • Re: How could this account have been cracked?
    ... I have so many different services running on it, ... easiest way to migrate would be to buy a new box and then install the ... you don't need to touch your /home tree. ... rooted and it had suid shells scattered all over the place. ...
    (comp.os.linux.security)
  • Re: How could this account have been cracked?
    ... you don't need to touch your /home tree. ... People can install garbage anywhere. ... machine rooted and it had suid shells scattered all over the ... to look for any suid and guid files in the /home directory. ...
    (comp.os.linux.security)
  • Re: file permission question
    ... >I am allowing a couple of ppl to have a shell account on one of my machines, ... Firstly, don't just chmod them, chown them with an alternate group like ... the suid bit so make sure you check if the binary is suid before you chmod ... Many utilities that does not run as root or wheel require passwd file ...
    (FreeBSD-Security)
  • Re: Of mice and men
    ... "with enough security that logged in as a normal user, ... With regards to SUID bit. ... install something as a root user and be ... > Someone can only chmod or chown files that they have permission to do ...
    (comp.lang.cobol)